Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-dev: [Wireshark-dev] What kind of L7 protocols are dissected based on content identification?

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: 王睿思 <wangruisijdg@xxxxxxxxx>
Date: Mon, 2 Mar 2009 16:46:17 +0800

Hello:
    I have reading the source code for days, and still I can't
distinguish the L7 protocols between the port identified and content
identified.
   for example: supposing an  packet used the protocols:
"IP-TCP-RTSP",  but when dissect how can the dissect_tcp() find its
subdissector is dissect_rtsp(), did it's based port identification or
content identification?
  Besides, is there any method to know the data type in the
application layer?(e.g. if we could find the payload of RTSP is audio
or video and so on)
Some one could, please, tell me ?

Best regards,

 Kathryn
  • Follow-Ups:
    • Re: [Wireshark-dev] What kind of L7 protocols are dissected based on content identification?
      • From: Guy Harris
  • Prev by Date: Re: [Wireshark-dev] Splitting packet_info struct for performance reasons?
  • Next by Date: Re: [Wireshark-dev] decoding depth & capture format
  • Previous by thread: Re: [Wireshark-dev] Splitting packet_info struct for performance reasons?
  • Next by thread: Re: [Wireshark-dev] What kind of L7 protocols are dissected based on content identification?
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation